The Facebook Blog

I'm facing an anniversary soon: I will have worked at Facebook for four years. I was originally drawn to the company for the opportunity to help build a technology that enables people to model their social network and interact with it online. Equally as important, it was my first opportunity to work alongside my best friend of nearly two decades. Together, we threw ourselves into the task of building something we both believed in, working 18 hours a day, seven days a week with a small team of 40 people at the time.

About six weeks after we both... started, my best friend was killed in a tragic bicycling accident. It was a big blow to me personally, but it also was difficult for everyone at Facebook. We were a small, tight-knit community, and any single tragedy had a great effect on all of us. I can recall a company-wide meeting a few days after his death, where I spoke about what my friend meant to me and what we had hoped to do together. As a company, we shared our grief, and for many people it was their first interaction with death. To this day, I still have strong emotions when I think about that gathering.

The question soon came up: What do we do about his Facebook profile? We had never really thought about this before in such a personal way. Obviously, we wanted to be able to model people's relationships on Facebook, but how do you deal with an interaction with someone who is no longer able to log on? When someone leaves us, they don't leave our memories or our social network. To reflect that reality, we created the idea of "memorialized" profiles as a place where people can save and share their memories of those who've passed.

We understand how difficult it can be for people to be reminded of those who are no longer with them, which is why it's important when someone passes away that their friends or family contact Facebook to request that a profile be memorialized. For instance, just last week, we introduced new types of Suggestions that appear on the right-hand side of the home page and remind people to take actions with friends who need help on Facebook. By memorializing the account of someone who has passed away, people will no longer see that person appear in their Suggestions.

When an account is memorialized, we also set privacy so that only confirmed friends can see the profile or locate it in search. We try to protect the deceased's privacy by removing sensitive information such as contact information and status updates. Memorializing an account also prevents anyone from logging into it in the future, while still enabling friends and family to leave posts on the profile Wall in remembrance.

If you have a friend or a family member whose profile should be memorialized, please contact us, so their memory can properly live on among their friends on Facebook.

As time passes, the sting of losing someone you care about also fades but it never goes away. I still visit my friend's memorialized profile to remember the good times we had and share them with our mutual friends.


Max is weary of eucalyptus trees.

Last Friday, Facebook won an important victory for our users – and against spam and those who create it.

We've all experienced spam – those unwanted and, sometimes, inappropriate marketing messages. The bad guys behind those messages are always looking to find new ways to annoy people and Facebook's users have been among those targeted. We don't take this affront to our users lying down.

In a court in San Jose, after a legal proceeding lasting four months, federal Judge Jeremy Fogel awarded Facebook $873 million in damages against Adam... Guerbuez and Atlantis Blue Capital for sending sleazy messages to our users. The award is the largest judgment in history for an action brought under Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).

Does Facebook expect to quickly collect $873 million and share the proceeds in some way with our users? Alas, no. It's unlikely that Geurbez and Atlantis Blue Capital could ever honor the judgment rendered against them (though we will certainly collect everything we can). But we are confident that this award represents a powerful deterrent to anyone and everyone who would seek to abuse Facebook and its users.

This judgment is the result of the tireless effort of our security experts, legal team and the other significant resources we've devoted to finding, exposing and prosecuting the sources of spam attacks. These efforts complement the sophisticated technical systems we continue to develop to limit the impact of these attacks or to block them altogether.

Everyone who participates constructively in Facebook should feel confident that we are fighting hard to protect you against spam and other online nuisances. We will continue to invest in this area by improving our technical safeguards and devoting significant resources to finding, exposing and prosecuting the sources of spam attacks.


Max Kelly is Facebook's Director of Security.

Most people use the internet without being aware of the constant threat of hackers, spammers, and phishers. Due to the nature of the internet, and the nature of malicious software, most websites will at some point need to deal with patching a security hole. All good websites take these issues very seriously, since no one wants users to suffer. At Facebook, where people keep so much of their lives and information, we've built an amazing security team solely focused on making sure our users have a safe experience on the site.

The security team... at Facebook is dedicated to investigating and auditing our own code for holes, as well as reaching out to people in an extended community to let us know if we've missed anything. If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible. In fact, we appreciate it when help comes our way from the many security experts and organizations out there. That's why many of us are attending DEFCON this weekend. DEFCON is one of the largest and oldest running hacker conventions, held in Vegas. By going and learning from other people in the online security space, we make keeping people safe online a joint effort.

Even right now, as we're preparing to leave for DEFCON, we spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on Walls urging users to view a video that pretends to be hosted on a Google or YouTube website. We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware.

As a Facebook user you can help us protect you by doing the following things: